In 2022, 68,6 percent of all internet traffic in Germany came from bots, a significant increase compared to the previous year (39,6 percent). In an analysis, Imperva examined the number of bots on the Internet over the past ten years.
The 68,6 percent of bot traffic is offset by the proportion of traffic generated by human users at 25,2 percent, which is a rapid decrease compared to 2021 (57,4 percent). When it comes to the performance of the bots, Germany is exactly in line with the global average at 51,2 percent.
Malicious bots pose a significant risk to businesses: they compromise accounts, steal data, and increase spam. The consequences are higher infrastructure and support costs and the loss of users and customers. Collectively, billions of dollars are lost every year through automated attacks on companies' websites, infrastructure, APIs and apps.
Most bad bots in the financial industry
In Germany, the financial sector, consulting companies and the education sector stand out when it comes to the proportion of malicious bots. This is the highest at 88,7 percent, 76,4 percent and 76,1 percent respectively. On the other hand, the bad bots in these areas are only very sophisticated when it comes to consulting services (49,5 percent). In the financial sector, just under every tenth bot can be classified as highly developed, almost 60 percent are on a technically medium level and over 30 percent are only very rudimentary in their functionality. Also in education, only 8,5 percent are highly developed, while 43 percent are rudimentary.
The most sophisticated bots attack in retail
When it comes to news channels and news portals, the situation is similar: here the proportion of bad bots is over 75 percent; however, they can all only be classified as rudimentary – which, however, increases the likelihood of fake news. Conversely, the most highly developed and technologically advanced bots can be found in the retail sector at almost 52 percent. The proportion of bad bots is rather low here at 37 percent from the outset, compared to 21 percent of benevolent bots and 36 percent of traffic generated by human users.
In an international comparison, it can be said that the majority of countries have a bad bot problem. Of the 13 countries included in the study, seven had bad bot traffic rates above the global average of 30,2 percent. Germany is in first place with 68,6 percent, followed by Ireland with 45,1 percent and Singapore (43,1 percent). The USA is also above average at 32,1 percent.
Technical insights from the Imperva Bad Bot Report 2023
- Bad bots are becoming increasingly sophisticated and difficult to spot: Across industries, 68,6 percent of all malicious bots in Germany are equipped with advanced technologies. Malicious, sophisticated bots are of particular concern: they closely mimic human behavior and are difficult, if not impossible, to detect as such. They randomly choose IPs, gain access through anonymous proxies, and customize their identities.
- Account takeover attacks increased by 2022 percent in 155: Globally, 15 percent of all login attempts across all industries turned out to be account takeovers. Bad bots fill out registration forms and are used for brute force attacks. Users lose access to their own accounts and the bots can also view and steal the data stored in the accounts. Companies, in turn, face severe penalties because they do not comply with data protection requirements.
- Identify business logic and use it for your own purposes: Bad bots target APIs to copy business logic. 17 percent of all attacks on APIs worldwide in the past year came from bots. A business logic attack exploits vulnerabilities in the design and implementation of an API or application to manipulate operations, steal sensitive data, or illegally gain access to accounts. In general, 35 percent of account takeover attacks in 2022 were carried out via an API. When APIs are called programmatically, attackers can automate their takeover attempts without being noticed.
- Browser settings favor bad bots: One in five malicious bots was launched via the Mobile Safari browser in 2022; It was 16,1 percent in 2021. Certain browser privacy settings can obscure the behavior of malicious bots and make it difficult for companies to detect and stop automated traffic.
Imperva is a leading provider of comprehensive digital security dedicated to helping organizations secure their data and all routes to it. Only Imperva protects all digital areas - from business logic to APIs and microservices to the data layer - and both vulnerable legacy systems and cloud-based companies. Imperva protects customers' applications, data and websites from cyber attacks worldwide.